Cyberduck
Mountain Duck
CLI#10371 closed defect (fixed)
Incorrectly assumes ETag and MD5 are equivalent
| Reported by: | rpkelly | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 6.7.0 |
| Component: | s3 | Version: | 6.6.1 |
| Severity: | normal | Keywords: | |
| Cc: | Architecture: | ||
| Platform: |
Description
Cyberduck assumes that the ETag returned by S3 is equivalent to the MD5 checksum of the file's content. This is not a valid assumption. The ETag will only be the MD5 of the object data when the object is stored as plaintext or encrypted using SSE-S3. If the object is encrypted using another method (such as SSE-C or SSE-KMS) the ETag is not the MD5 of the object data. If the object was created via a multipart upload, the ETag is not the MD5 of the object data.
Attachments (3)
Change History (10)
comment:1 Changed 8 weeks ago by dkocher
- Component changed from core to s3
- Owner set to dkocher
- Summary changed from Cyberduck incorrectly assumes ETag and MD5 are equivalent for S3 to Incorrectly assumes ETag and MD5 are equivalent
comment:2 Changed 8 weeks ago by dkocher
comment:3 Changed 8 weeks ago by rpkelly
See the attached screenshots. Cyberduck displays a warning saying there is a mismatch. I also calculate the MD5 of the file via the command line and am attaching a screenshot of the ETag shown in the S3 console.
comment:4 Changed 8 weeks ago by dkocher
- Milestone set to 7.0
- Status changed from new to assigned
comment:5 Changed 8 weeks ago by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
comment:6 Changed 6 weeks ago by dkocher
- Milestone changed from 7.0 to 6.6.3
Note: See
TracTickets for help on using
tickets.
What makes you think that we make this false assumption?